Articles by the cybersecurity community


#cybersecurity - 5 points about vulnerabilities and patching

Software and technology evolve fast, and at times they may have an inadvertent flaw in them. Vulnerabilities in technology or software code can be exploited by criminals to gain access to a person's computer or phone, or to a company's systems. Software companies release security patches to fix or mitigate security flaws that have been discovered in their code.


Five points about vulnerabilities and patching:

1. Vulnerabilities - A flaw in code, hardware or systems that may be exploited by criminals to gain access to restricted systems.

2. Zero day - A vulnerability that is not widely known about, except by the criminals exploiting it, and for which there is as yet no known fix, is called a zero-day (an attack that uses it is a zero-day exploit).

3. Exploits - Criminals can exploit vulnerabilities in applications and use them to steal passwords, gain access to networks and install malware.

4. Patches - Software companies release security patches to fix or mitigate security flaws.

5. Patching - All users of technology, whether individuals or corporate entities, need to ensure they keep their systems and software current and patched, as this helps to protect the technology from criminal exploitation.



#Cybersecurity - least privilege

The concept of least privilege relates to users having an account on a computer or system that has the absolute minimum permissions needed to do their work.

If a criminal manages to access a computer or system with administrative privileges, they can hide their tracks, exfiltrate data, and ensure they remain undetected for a long period of time. If, however, a criminal gains access to the credentials of a person with limited access, then the criminal is restricted in what they can do.

While it is understandable that some computer users in a business environment may want the flexibility and freedom to download and update software on their work computer themselves, this can pose a significant cyber security risk to the computer, data, and system. For home users, good practice is to create two accounts on the home computer: one with administrative rights, and a secondary account without administrative rights that serves as the everyday account.

Restricting administrative rights allows users to continue their work while reducing the attack surface available to criminals.



#Cybersecurity - three ways malware can gain persistence

The purpose of the Demystify Cyber project is to bring cybersecurity and cybercrime awareness to all users of technology. Part of that includes explaining terms commonly used by cybersecurity practitioners that may seem a little mysterious to everybody else. Given that cybercrime can impact anyone, cybersecurity should not be kept a mystery.

Let's look at malware persistence

When a criminal has taken all that effort to get some nasty piece of malware on your computer, they want it to stay there and do its thing for as long as possible. The ways of keeping malware active on a compromised device, even after a reboot, are referred to as malware persistence.

'How do criminals get their malware to have persistence on a computer?' - do I hear you ask?

Well I am glad you raised this, because there are many ways, and understanding a bit about them can help everyone who uses technology stay just that little bit safer from cybercrime.

The below is a very brief list, written in as non-tech terms as I could achieve on an afternoon after work and without sufficient coffee, covering three ways malware can gain persistence on a compromised computer.

Three ways malware can gain persistence

1. Compromised accounts

If the account used for the computer has been compromised (such as via a phishing email), the criminal could use the account details to ensure the computer remains infected.

2. Start up folder / launch agents

As a computer starts, it automatically runs through a set of processes to ensure everything is operating and connected for the user. The Windows operating system keeps such entries in a Startup folder, and on Apple computers macOS uses launch agents. If malware adds itself to the Startup folder or creates a launch agent, every time the computer is started the malware will start as well.

3. Malicious browser extensions

A criminal may create what appears to be a legitimate browser extension; however, once installed it is used to infect the computer and gain malware persistence on it.
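The Startup folder and launch agent locations described in point 2 are also where a defender looks first when checking a machine for persistence. The script below is an added example written for this post (not the author's code or any product's): it reads launch agent plists and Startup-folder shortcut targets, works out which program each one starts, and flags entries that start a program from outside the usual install locations or from a temporary or hidden directory. The allow-list of trusted directories, the suspicious path fragments, and all the sample entries are constructed assumptions for illustration, not data from a real machine.

```python
import plistlib
from dataclasses import dataclass, field

# Locations a legitimate launch agent or Startup-folder target normally runs from.
# This allow-list is an assumption made for the example, not an authoritative one.
TRUSTED_PREFIXES = (
    "/usr/bin/", "/bin/", "/System/", "/Applications/",
    "C:\\Program Files\\", "C:\\Program Files (x86)\\", "C:\\Windows\\",
)
# Path fragments that are unusual for something configured to start at login:
# temp directories and hidden (dot-prefixed) directories.
SUSPICIOUS_FRAGMENTS = ("/tmp/", "\\temp\\", "/.")


@dataclass
class PersistenceEntry:
    source: str                                   # "launch_agent" or "startup_folder"
    name: str                                     # launchd Label or shortcut filename
    program: str                                  # program that will be started
    reasons: list = field(default_factory=list)   # empty list means nothing unusual


def parse_launch_agent(plist_bytes: bytes) -> PersistenceEntry:
    """Work out which program a launchd agent plist starts (Program or ProgramArguments[0])."""
    data = plistlib.loads(plist_bytes)
    program = data.get("Program") or (data.get("ProgramArguments") or [""])[0]
    return PersistenceEntry("launch_agent", data.get("Label", "<no label>"), program)


def assess(entry: PersistenceEntry) -> PersistenceEntry:
    """Attach a reason for each unusual property; an entry with reasons deserves a closer look."""
    program = entry.program
    if not program:
        entry.reasons.append("no program path at all")
        return entry
    if not program.startswith(TRUSTED_PREFIXES):
        entry.reasons.append("starts a program outside the usual install locations")
    if any(frag in program.lower() for frag in SUSPICIOUS_FRAGMENTS):
        entry.reasons.append("program sits in a temporary or hidden directory")
    return entry


def audit(launch_agents, startup_shortcuts):
    """Assess every launch agent plist and every (shortcut name, target path) pair."""
    entries = [parse_launch_agent(b) for b in launch_agents]
    entries += [PersistenceEntry("startup_folder", n, t) for n, t in startup_shortcuts]
    return [assess(e) for e in entries]


def flagged_names(results):
    """Names of the entries that picked up at least one reason for review."""
    return [e.name for e in results if e.reasons]


# --- Constructed sample input for the example; not taken from any real machine ---
SAMPLE_LAUNCH_AGENTS = [
    plistlib.dumps({"Label": "com.example.updater",
                    "Program": "/Applications/Example.app/Contents/MacOS/updater",
                    "RunAtLoad": True}),
    plistlib.dumps({"Label": "com.example.helper",
                    "ProgramArguments": ["/Users/alice/Library/.cache/helper", "--quiet"],
                    "RunAtLoad": True, "KeepAlive": True}),
]
SAMPLE_STARTUP_SHORTCUTS = [
    ("Backup.lnk", "C:\\Program Files\\Example Backup\\backup.exe"),
    ("update.lnk", "C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe"),
]

if __name__ == "__main__":
    for e in audit(SAMPLE_LAUNCH_AGENTS, SAMPLE_STARTUP_SHORTCUTS):
        status = "REVIEW" if e.reasons else "ok"
        print(f"[{status}] {e.source}: {e.name} -> {e.program}")
        for r in e.reasons:
            print(f"         - {r}")
```

On a real machine the plist bytes would come from files under ~/Library/LaunchAgents, and the shortcut targets from the user's Startup folder; the point of the checks is that "starts at login" is normal for plenty of legitimate software, so what separates an ordinary entry from one worth investigating is where the program it starts actually lives.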

Want to know more about malware persistence?

The MITRE ATT&CK site has an in-depth look at persistence; you can access it via this link (or look up 'Mitre ATT&CK malware persistence' in the search engine of your choice). Link: https://attack.mitre.org/versions/v9/tactics/TA0003/


How to stay safer from malware

  • Use a reputable and up-to-date anti-virus application and run regular as well as active scans on your computer.
  • Keep your operating system and software patched.
  • Only install browser extensions from reputable stores, and be cautious even then.
  • Take care not to click links in unsolicited emails.
  • Do not put your account credentials into a link you arrived at via an email - navigate to the site yourself to log in.
  • Consider using multi-factor authentication (MFA) wherever possible.
  • Take care to only install legitimate software from official sources.

Picture of a frog typing at a computer; the speech bubble says 'i use MFA multi frog authentication'.
This image has been created by the Demystify Cyber blog author (c) A. Turner 2021